cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
688
Views
0
Helpful
2
Replies

Rule creation information

carryonjay
Level 1
Level 1

Hi guys, 

We are using Sourcefire Firesight for the IDS purpose.  Someone has created few rules which are capturing the heavy traffic. I would like to know how to get the information about rule creator? 

Appreciate your help.

Thanks, 

Regards,

Jay 

2 Replies 2

ankojha
Level 3
Level 3

Hi Jay,

You can check the local rules that are created under Policy->Intrusion policy->rule editor

and you can either disable/enable them as per your requirement.

Also, regarding writing optimized snort rules you can refer to below document :

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node27.html

Rate if it helps.

Thanks,

Ankita

Hi Ankita,

Thanks for your great help. Actually, I would  also like to know if anyone has created rule or made any modification, can we track that or is there any way to get those audit information? 

Kind regards,

Jay 

Review Cisco Networking for a $25 gift card